Earnings Record Maintenance System
· Name of project.
Earnings Record Maintenance System
· Unique project identifier.
· Privacy Impact Assessment Contact.
Division of Annual Wage Reporting and Balancing
Office of Earnings, Enumeration and Administrative Systems
Social Security Administration
6401 Security Boulevard
Baltimore, MD 21235
· Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.
The Earnings Record Maintenance System (ERMS) is a Social Security Administration (SSA) certified and accredited Major Application consisting of several sub-systems that function to establish, correct and maintain SSA’s major earnings files. ERMS receives earnings data from employers and self-employed individuals and processes that earnings data to our Master Earnings File (MEF). The MEF contains individual earnings histories for each of the 350+ million Social Security numbers that have been assigned to workers. These earnings histories are the basis for determinations of eligibility for retirement, survivor, disability and health insurance benefits under the Title II (Retirement, Survivors, Disability Insurance) and Title XVIII (Health Insurance) programs of the Social Security Act and for computations of benefit amounts payable under both of those programs. The information contained in this system is at the core of SSA’s mission in maintaining a record of earnings for the American public that is later used to determine their entitlement to Social Security benefits. We also use information contained in the ERMS to provide information to current and/or former employers for the purpose of correcting or reconstructing earnings records, for Social Security tax purposes, and to provide workers and self-employed individuals with earnings statements or quarters of coverage statements.
Disclosure of this information is covered by section 6103 of the Internal Revenue Code as well as the Privacy Act. We generally disclose this information only as necessary to process an individual’s claim for benefits, enable current or former employers to correct or reconstruct earnings records, and for Social Security tax purposes, etc., or as authorized by Federal law (e.g., we share information with the Department of Veterans Affairs to administer its programs that are similar to SSA programs). ERMS is not accessible to members of the public.
· Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.
ERMS has undergone authentication and security risk analyses. The latter includes an evaluation of security and audit controls proven to be effective in protecting the information collected, stored, processed, and transmitted by our information systems. These include technical, management, and operational controls that permit access to those users who have an official “need to know.” Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.
We protect the information in ERMS by requiring employees who are authorized to access the information system to use a unique Personal Identification Number. In addition, we store the computerized records in secure areas that are accessible to those employees who require the information to perform their official duties. Furthermore, all of our employees who have access to our information systems that maintain personal information must sign a sanction document annually that acknowledges penalties for unauthorized access to, or disclosure of, such information.
· Describe the impact on individuals’ privacy rights.
Are individuals afforded an opportunity to decline to provide information?
We collect information only where we have specific legal authority to do so in order to administer our responsibilities under the Social Security Act. When we collect personal information from individuals, we advise them of our legal authority for requesting the information, the purposes for which we will use and disclose the information, and the consequences of their not providing any or all of the requested information. The individuals can then make informed decisions as to whether or not they should provide the information.
The information that is provided for wage reporting comes directly from employers and not from individuals per se. Since the reporting of wages is tied directly to the Internal Revenue Service’s reporting of wages for tax-related purposes, there is no opportunity for individuals to decline providing the information. Employers are required by law to report employee earnings.
Are individuals afforded an opportunity to consent to only particular uses of the information?
When we collect information from individuals, we advise them of the purposes for which we will use the information. We further advise them that we will disclose this information without their prior written consent only when we have specific legal authority to do so
(e.g., the Privacy Act). We do not have any discretion in disclosing tax return information. Disclosure of that information is covered by section 6103 of the Internal Revenue Code and the Privacy Act.
· Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?
No. An existing system of records, Earnings Recording and Self-Employment Income System (60-0059), covers ERMS, and it does not require any changes.
PIA CONDUCTED BY PRIVACY OFFICER, SSA:
______________________________ September 25, 2007
PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:
/S/ Thomas W. Crawley________ September 27, 2007